[Snort-users] Need help with PC config

Thrynn thrynn404 at ...11827...
Fri Aug 4 14:46:18 EDT 2006


On 8/3/06, Mike Montgomery <mmontgomery at ...13755...> wrote:
>
> Hi, attempting to setup a snort-inline box.  What I want to do is be able
> to filter traffic with the box just having traffic pass thru 2 nics on a
> bridge.  But when I setup the nic's in bridge mode, and do the
>
> iptables -I INPUT -p tcp --dport 80 -j QUEUE
>
>
The INPUT chain is for packets going TO the box. For your bridge, packets
are going through the box. Put your QUEUE rule on the FORWARD chain.


then run snort, it dont catch anything.  I have tried enabling the porn
> rules, and search for items in the content and it throws up no alerts, nor
> drop anything (depending on rules used).  Can I not have the nics in
> bridge?  How would i pass traffic thru the box seamlessly without being
> bridged?
>
> Mike
> --
> Mike Montgomery
> Network Administrator
> Tower Climbing & Rescue
>
> Citizens Communications
> Broadband & Tower Service
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060804/f7bba043/attachment.html>


More information about the Snort-users mailing list